Josh Zenker

Malware researchers recently discovered a particularly dastardly new type of ransomware, still under development. It gives its victims the option to either pay up or infect others to get the decryption keys to their data. At the very least, it sounds like an evil social experiment.

CNN.com has a reputation among my colleagues in IT for how long it takes to load its front page. I reasoned that it must be pulling in many resources from third party sites. Therefore I thought it would be an ideal target for the Burp Suite intercepting proxy.

When I originally posted, I didn’t see that someone already posted the news about CyMotive, so here is a different article that focuses on a study conducted by Tripwire, an industry leader in enterprise-class security, compliance, and IT operations solutions.

“According to the Department of Homeland Security, the energy sector faces more cyber attacks than any other industry. Despite the frequency in attacks, energy IT professionals participating in Tripwire’s survey were very confident in their ability to collect the data needed to detect a cyber attack…

“‘These results show that most security professionals are assuming they are doing the right things to secure their environments, but lack real world data to back up their assumptions,’ said Travis Smith, senior security research engineer for Tripwire. ‘This highlights the importance of testing security controls to ensure they are functioning as expected. It’s not enough to install security tools throughout the environment. You must test the policies and procedures to be confident the controls in place will stop or detect real-world intrusions…'”

I find it especially worrisome that an industry so essential to our success as a country—and demonstrably under constant cyber attack—seems to overestimate its capability to detect and respond to such attacks.

With all the recent concern about the security of Internet-connected cars, it probably comes as no surprise that Volkswagen has formed an automotive cyber security firm with three former members of Israel’s Shin Bet intelligence agency, including its former head Yuval Diskin. They are calling the new firm CyMotive Technologies. According to Gartner, there are already 22 cyber security companies either focused on automobiles or containing divisions that do. The article seems to suggest that CyMotive will be the first such company directly affiliated with a car manufacturer.